Privacy policy

CLOUD WORKSPACES SL (hereinafter, CLOUDWORKS) as Responsible for the Treatment and of this website, in accordance with the provisions of General Data Protection Regulation Regulation (EU) 2016/679 and Organic Law 3/2018, of 5 December on Protection of Personal Data and guarantee of digital rights, makes this privacy policy available to you in order to inform you, in detail, about how we treat your personal data and protect your privacy and the information you provide us In this privacy policy we explain what your rights are regarding your personal information and how to exercise them. Additionally, in case you need to contact the competent authority in matters of data protection, we provide you with the contact information.

We, the controllers of your data Entity: CLOUD WORKSPACES SL TIN: B 65071862 Registered office: Sardenya 229-237 P. At. 08013 BARCELONA. Telephone: +800 200 459 Email: privacy@ wearecloudworks.com 
Our Data Protection Officer (DPO) If you have any type of consultation, doubt or suggestion regarding how we use your personal data, you can contact the Data Protection Officer by email dpo@coworkinginthecloud.com

What data do we collect? The personal data that we collect from users and customers can be grouped according to the following categories:

  • Basic and contact data: such as name, surname, username or similar identifier, marital status, degrees, date of birth or gender. Also including your billing and delivery address, email and phone number. Financial and economic data: this group would include the details of payment, return and reimbursement, as well as the commercial transactions carried out with us. Including identity verification data for the acceptance of payments and the pertinent financial verifications to be able to carry out commercial transactions.
  • Professional and employment data: this category would include your professional interests and your professional identity published online. For example, your LinkedIn profile.
  • Technical data: including IP address, registration data, browser and version used, zone and time of usage, type of plugins installed in your browser, operating system and other technology used during access to our platform. 
  • Data from your user account (cloudworks app): such as the profile name and password.
  • Browsing data: includes information regarding your browsing mode when you visit our platform.
  • Marketing and communication preferences: we collect your preferences to receive commercial communications and news from us, the consents granted for it and the channel of your choice.
  • Images captured by video surveillance cameras: the images that could be captured by video surveillance cameras in commercial establishments, if any, are grouped here. 
  • Biometric data: fingerprint for security control at the entrance and exit of the coworking spaces.

We will never collect personal data that is specially protected or considered sensitive.  How do we collect personal data? As a general rule, most of your personal information is provided to us directly by you, either in person at our coworking spaces, by phone, mail, web forms or by responding to surveys. However, we may also obtain information:

  • From third parties linked to us, such as:
  • From your employer
  • From a third party that has previously obtained your express consent to do so.
  • From the cookies that we enable on our website – For more information about the use of our cookies, you can visit our cookie policy.
  • From our access systems to the facilities, when any. Such as, for example, would be the entry and reception logs, the card systems in the case of employees, video surveillance cameras, communication systems and instant messaging, email or social networks.

What can happen if you do not provide us with your personal information? When we are required by law to collect your personal data or, when this is essential to enter into a contract with you, in the event that you do not want to provide us with your personal data, we will not be able to fulfil the purposes described. In the event that we find it necessary to cancel our services for this reason, we will notify you first when necessary.    For what purpose do we process your personal data? We attach a detailed table with the purpose for which we collect your data and the legal basis that legitimises us for it.

Purpose of processing Why do we collect your data? Legal legitimacy  to process your personal data
To provide you with our services, accept payments and overdue charges (1) Contractual execution (2) Legitimate self-interest (for example, to manage possible non-payments)
Register as a web user or new customer (1) Express consent of the interested party (2) Contractual execution
Manage our relationship with our customers, which includes: (1) Notify you of changes in our contracting conditions or policies (2) Request that you respond to a survey or rate our products/services (1) Contractual execution (2) Compliance with a legal obligation (3) Legitimate self-interest (to update our records and know the opinion of our customers about our products/services)
Send commercial communications, newsletters and advertising, through any communication channel (1) Express consent of the interested party  (2) Legitimate self-interest (you have not always expressed your wish to stop receiving communication, ‘opt-out’)
Respond to enquiries and/or provide information required by the interested party, including sending quotes (1) Legitimate self-interest (2) Contractual execution (3) Consent of the interested party (4) Compliance with a legal obligation
Manage user interactions on our social networks (1) Compliance with a legal obligation (for example to eliminate offensive, racist, vulgar or insulting comments; maintain an environment of respect and integration, preserve the privacy of minors, etc.) (2) Legitimate self-interest (for example, when we remove third-party advertising from our networks)
Use analytical data to improve the web browsing experience / use of the app, implement marketing strategies and optimize contracting processes through the use of cookies. (1) Legitimate self-interest (2) Consent of the interested party (for example, by accepting the use of analytical cookies)
Manage and protect our business and our website. This includes the detection of navigation problems, data analysis, web/app tests, etc. (1) Compliance with a legal obligation (2) Legitimate self-interest (running our company, providing security for our networks, preventing fraud, etc.)
Suggest and recommend products and services that may be of interest to you (1) Legitimate interest (to grow our business)
Provide personal data to authorities or by court order Compliance with a legal obligation
Provide greater security to our physical facilities (installation of CCTV cameras / video surveillance, access control) In legitimate interest and in the interest of third parties. For example to detect the commission of an act harmful to our employees or customers.
Update and improve our customer records (1) In compliance with a legal obligation (2) In execution of a contract (3) In legitimate interest (to verify that we can continue to contact our customers for issues related to their subscriptions, orders or products purchased).
Guarantee safety at work, personnel management and the employability of candidates (1) In compliance with a legal obligation (2) In legitimate self-interest and that of third parties. To improve the experience of our employees when carrying out their dueties.

With whom can we share your personal data? We may share your personal data with: 

  • Third party companies that we subcontract or service providers.
  • Third parties we need to manage our business.
  • The banking entities we work with.

All suppliers we work with are contractually bound to us. We can guarantee that they comply with all the necessary security measures to safeguard your personal data, that they will use your personal data solely and exclusively for the specified purposes, in accordance with our instructions. We will also share personal data with law enforcement agencies when the law requires us to do so.    Where do we store your personal data? All the data you provide us, both through this website and by other means or channels, will be stored on the servers of AMAZON WEB SERVICE AND GOOGLE. These servers are located within the European Economic Area.   International transfer of personal data In order to be able to provide the service, we will sometimes need to transfer your data outside the European Economic Area (EEA). For example:

  • To communicate with you or our suppliers when you are outside the EU;
  • When there is an international dimension in the products/services that we provide you.

International data transfers are subject to specific rules governed by the principles of data protection laws. This means that we can only transfer your data to countries or international organisations outside the EU, when:

  • The receiving country is considered safe by the competent authority in terms of the level of protection applied to personal data.
  • All the pertinent measures have been taken to guarantee the safeguarding of security and the correct development of your legal rights, as well as the possibility of filing claims.
  • There is an applicable exception according to data protection law.

How long will we keep your personal data? Your data will be kept for the duration of the commercial relationship with us or if you exercise your right of cancellation or opposition, or limitation of processing. However, we will keep certain personal identification and traffic data for a maximum period of 2 years in the event that it is required by the Judges and Courts or to initiate internal actions derived from the improper use of the website. Likewise, we inform you that our data storage policies are adjusted to the terms that mark the different legal responsibilities for limitation purposes: 

  • As a general rule:

Under the provisions of article 30 of the Commercial Code, and except for other criteria, all documents and/or data of the company will be kept for 6 years. This affects all accounting, tax, labor or commercial documentation, including correspondence.

  •  Specific deadlines: 

Our company must also set minimum deadlines depending on the type of data in question and taking into account the different statutes of limitations, which each of the departments must know. This table lists the statutes of limitations that affect or may affect our organisation:  

Matter Limitation Regulation
Labor, for the purposes of infractions 3 years Art. 4.1 RD 5/2000
Social Security, for the purposes of infractions 4 years Art. 4.2 RD 5/2000
Prevention of Occupational Risks, for the purposes of infractions 5 years Art. 4.3 RD 5/2000
Tax, for the purposes of tax debts 4 years Art. 66 Law 58/2003
Tax, for the purposes of checking offset fees or deductions applied 10 years Art. 66 bis Law 58/2003
Accounting and commercial 6 years Art. 30 of the CC
Crimes against Public Treasury and Social Security 10 years Art. 131 OL 10/1995

  You will not be subject to decisions based on automated processing that has effects on your data.   Our communications  All the personal data that you communicate to us will be incorporated into our information systems. If you accept this privacy policy, it means that you grant CLOUDWORKS the express consent to carry out the following activities and/or actions, unless you indicate otherwise:

  • To send you commercial, promotional and direct marketing communications by any means of communication enabled, to inform you of the activities, services, promotions, advertising, news, offers and other information about the services and products related to us and our group.

 

  • To the sending of communications electronically, provided that you have subscribed to our NEWSLETTER and have not unsubscribed.

 

  • The storage of the data during the periods established in the applicable provisions.

How to stop receiving marketing communications (opt-out)? At any time you can revoke any express consent you have given us to send you commercial information. To do this, you can request your withdrawal through the option (opt-out) when it is enabled in our app/web, or by sending us an email with the subject “unsubscribe” to privacy@wearecloudworks.com In accordance with the LSSICE, we never send out SPAM, therefore, we will not send you commercial emails if they have not been requested or authorised by you. However, in all our communications, you will have the possibility to revoke your consent.  We will not process your personal data for any other purpose than those described except by legal obligation or judicial requirement.   User responsibility – Declaration of veracity By providing us with your personal data through electronic channels, the user declares that they are over 14 years of age and that all data provided to CLOUDWORKS is true, accurate, complete and up-to-date. For these purposes, the user confirms that they are responsible for the veracity of the data communicated and that they will keep said data suitably updated so that it responds to their real situation, being responsible for the false and inaccurate data that they may provide, as well as for the damages, direct or indirect, that may arise.    If you send us your resume … In the event that you want to send us your CV through our website/email, we inform you that the data provided will be processed to allow you to participate in the selection processes that may exist, carrying out an analysis of your professional profile with the objective of selecting the most suitable candidate in case a vacancy occurs. We do not accept resumes sent through other channels (for example, hand-delivered on paper). In the event of any change in the data, please notify us in writing as soon as possible, in order to keep your data duly updated. The resumes will be kept for a maximum period of one year, after which they will be securely destroyed and all the data included will be deleted. We fully guarantee the confidentiality of your data. In this respect, after the aforementioned period, if you wish to continue taking part in potential selection processes, you must send your resume again.    How do we keep your data secure? We take the protection of your data very seriously. For this reason, we guarantee the implementation of security measures, controls and procedures of a physical, organisational and technological nature, appropriate to prevent your data from being accidentally lost, used or accessed maliciously. We limit access to your data to persons and entities authorised to do so and we make sure to properly train all our staff. All those involved in the processing of your personal data are subject to the obligation of strict confidentiality. Additionally, we apply technical procedures to react to any suspicion that could constitute a data security breach. If necessary, we will notify you about it, as well as the supervisory authority (the AEPD in Spain), in accordance with current regulations.   How to exercise your ARCOLP rights? Both the RGPD and the regulation of transposition to Spanish law (the LOPDGDD), guarantee the exercise of the following rights. You can exercise them at any time and always free of charge:

Right of access The right to receive a copy of your personal data.
Right to rectification  The right to request the correction of errors in personal data.
Right to erasure (right to be forgotten) The right to request that we delete your personal data – in certain situations.
Right to restriction of processing The right to request the restriction of the processing of your data.
Right to object The right to object to: -the processing of your data for direct marketing (including the creation of profiles). -continue processing your data, in certain circumstances. For example, the treatment carried out based on our legitimate interest.
Right of data portability The right to receive your personal data in a structured, readable format and/or transmit this data to a third party – in specific situations.
Right to avoid automated decision-making Right not to be the subject to a decision based solely on automated processing, including profiling, that has legal effects or that affects significantly.

To exercise any of the aforementioned rights, please send us your request to the email created specifically for this purpose: privacy@wearecloudworks.com    You can also contact our Data Protection Officer directly at: dpo@coworkinginthecloud.com    In your request you must include information on what exactly you need and in all events provide oficial proof of your identity.   The data protection supervisory authority We hope to resolve any questions or concerns that may concern you in relation to your personal data. But if you want to file a complaint with the competent authority, you have the right to do so. In Spain, the highest authority in terms of data protection is the Spanish Data Protection Agency (AEPD). https://www.aepd.es/es – Tel: 91 266 35 17.   Changes in this privacy policy CLOUDWORKS reserves the right to modify this policy to adapt it to the new legislative or jurisprudential requirements.